
Re: Inaccessible google.com (squid-3.4)


 



The issue happened a couple more times since my first post.

I've applied a modified logformat, which highlights response times, DNS query times and reply sizes. Sorting by response time descending, it appears I've got a problem with CONNECT requests to port 443.

Could it be an SSL-related misconfiguration on my part?

Thank you in advance.


Here are some of the first lines of my access.log sorted by response time descending (some fields awk'd out for clarity):


1st column: %tr - response time
2nd column: %dt - total time spent making DNS lookups
3rd column: %st - req + reply size incl. headers
4th column: %rm - req method
5th column: %ru - req url from client

500256 96 6726 CONNECT javadl-esd-secure.oracle.com:443
357444 1959 3657 CONNECT www.google.com:443
357216 5382 3658 CONNECT www.google.com:443
298138 - 6907 CONNECT www.google.com:443
298136 797 3914 CONNECT www.google.com:443
223620 39 186847 CONNECT www.facebook.com:443
183223 40 36982 CONNECT scontent-b-mxp.xx.fbcdn.net:443
181589 180 7128 CONNECT pixel.facebook.com:443
180107 38 6825 CONNECT www.google.com:443
179132 - 5648 CONNECT www.google.com:443
179116 - 5648 CONNECT www.google.com:443
179101 896 2397 CONNECT www.google.com:443
179101 - 5911 CONNECT www.google.com:443
179100 244 5654 CONNECT www.google.com:443
179096 38 5659 CONNECT www.google.com:443
179095 48 5652 CONNECT www.google.com:443
179094 57 5651 CONNECT www.google.com:443
179094 - 5659 CONNECT www.google.com:443
179094 50 5650 CONNECT www.google.com:443
179093 - 5650 CONNECT www.google.com:443
179090 - 5652 CONNECT www.google.com:443
179088 0 5651 CONNECT www.google.com:443
178606 0 2398 CONNECT www.google.com:443
178577 39 2398 CONNECT www.google.com:443
178372 231 2393 CONNECT www.google.com:443
178302 217 2390 CONNECT www.google.com:443
178241 259 2395 CONNECT www.google.com:443
178114 212 2395 CONNECT www.google.com:443
178103 239 2399 CONNECT www.google.com:443
178095 342 2396 CONNECT www.google.com:443
178093 220 2395 CONNECT www.google.com:443
178090 339 2396 CONNECT www.google.com:443
177553 0 2396 CONNECT www.google.com:443



And here's my squid.conf (minus sensitive info):



logformat mylogformat  %tl %tr %dt %st %>a %Ss %Sh %rm %ru
access_log daemon:/usr/local/squid/var/logs/access.log mylogformat
cache_log /usr/local/squid/var/logs/cache.log

client_netmask 255.255.255.0
acl localnet src ****

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager

acl bulk_transfers_1 dstdomain ***
acl bulk_transfers_2 dstdomain ***
acl bulk_transfers_3 url_regex -i ***
acl bulk_transfers_4 url_regex -i ***
acl bulk_transfers_5 url_regex -i ***
acl bulk_transfers_6 url_regex -i ***
acl bulk_transfers_7 url_regex -i ***
acl bulk_transfers_8 url_regex -i ***
acl bulk_transfers_10 dstdomain ***
acl bulk_transfers_11 dst ***
acl bulk_transfers_12 dstdomain ***

acl primeblacklist dstdomain ***
acl myblacklist dstdomain ***
acl adv_domains_re dstdom_regex ***
acl adv_urls url_regex ***
acl adv_passthrough_regex url_regex ***
acl adv_passthrough_dstdom dstdomain ***

http_access allow adv_passthrough_regex
http_access allow adv_passthrough_dstdom
http_access deny         primeblacklist
http_access deny CONNECT primeblacklist
http_access deny         myblacklist
http_access deny CONNECT myblacklist
http_access deny         adv_domains_re
http_access deny CONNECT adv_domains_re
http_access deny         adv_urls
http_access deny CONNECT adv_urls

http_access allow localnet
http_access allow localhost
http_access deny all

http_port 3128

cache_replacement_policy heap LFUDA
cache_dir aufs /home/squid3/cachedir2 20000 32 256

maximum_object_size 100 MB
cache_mem 512 MB

cache_effective_user proxy
cache_effective_group proxy

coredump_dir /usr/local/squid/var/cache/squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320


append_domain ***

tcp_outgoing_address ***addr_A*** bulk_transfers_1
tcp_outgoing_address ***addr_A*** bulk_transfers_2
tcp_outgoing_address ***addr_A*** bulk_transfers_3
tcp_outgoing_address ***addr_A*** bulk_transfers_4
tcp_outgoing_address ***addr_A*** bulk_transfers_5
tcp_outgoing_address ***addr_A*** bulk_transfers_6
tcp_outgoing_address ***addr_A*** bulk_transfers_7
tcp_outgoing_address ***addr_A*** bulk_transfers_8
tcp_outgoing_address ***addr_A*** bulk_transfers_9
tcp_outgoing_address ***addr_A*** bulk_transfers_10
tcp_outgoing_address ***addr_A*** bulk_transfers_11
tcp_outgoing_address ***addr_A*** bulk_transfers_12
tcp_outgoing_address ***addr_B***

dns_v4_first on

--
Marcello Romani
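
Added example (not part of the original post, and not Squid project code): a Python parser for lines written with the `mylogformat` definition in the squid.conf above, grouping by method and target so response time can be compared with DNS time per destination. The sample reuses %tr/%dt/%st values from the listing in the post; the timestamps, client address, status fields, the GET line and the truncated line are constructed, and the function names are hypothetical.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: %tr, %dt, %st, %rm and %ru come from the listing in the
# post; timestamps, client address and %Ss/%Sh values are made up.
SAMPLE_LOG = """\
13/Mar/2014:10:01:07 +0100 500256 96 6726 192.0.2.0 TCP_MISS HIER_DIRECT CONNECT javadl-esd-secure.oracle.com:443
13/Mar/2014:10:02:11 +0100 357444 1959 3657 192.0.2.0 TCP_MISS HIER_DIRECT CONNECT www.google.com:443
13/Mar/2014:10:02:12 +0100 357216 5382 3658 192.0.2.0 TCP_MISS HIER_DIRECT CONNECT www.google.com:443
13/Mar/2014:10:03:30 +0100 298138 - 6907 192.0.2.0 TCP_MISS HIER_DIRECT CONNECT www.google.com:443
13/Mar/2014:10:04:02 +0100 223620 39 186847 192.0.2.0 TCP_MISS HIER_DIRECT CONNECT www.facebook.com:443
13/Mar/2014:10:05:19 +0100 178606 0 2398 192.0.2.0 TCP_MISS HIER_DIRECT CONNECT www.google.com:443
13/Mar/2014:10:09:41 +0100 212 35 10432 192.0.2.0 TCP_MISS HIER_DIRECT GET http://example.com/
13/Mar/2014:10:09:50 +0100 178577 39
"""

def parse_line(line):
    """Return a dict for one mylogformat line, or None if it does not parse."""
    fields = line.split()
    # %tl prints date and UTC offset separated by a space, so it takes two tokens.
    if len(fields) != 10:
        return None
    _date, _zone, tr, dt, st, client, _status, _hier, method, url = fields
    try:
        # %dt is logged as "-" when no DNS lookup was made for the request.
        return {"tr": int(tr), "dt": None if dt == "-" else int(dt),
                "st": int(st), "client": client, "method": method, "url": url}
    except ValueError:
        return None

def summarize(log_text, slow_ms=60000):
    """Group by (method, target) and report response-time and DNS-time figures."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            groups[(rec["method"], rec["url"])].append(rec)
    rows = []
    for (method, url), recs in groups.items():
        times = [r["tr"] for r in recs]
        dns = [r["dt"] for r in recs if r["dt"] is not None]
        rows.append({"method": method, "target": url, "count": len(recs),
                     "max_ms": max(times), "median_ms": median(times),
                     "slow": sum(t >= slow_ms for t in times),
                     "dns_max_ms": max(dns) if dns else None,
                     "no_dns": len(recs) - len(dns)})
    return sorted(rows, key=lambda r: r["max_ms"], reverse=True)

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Squid writes the access.log entry for a CONNECT request when the tunnel closes, so %tr on those lines covers the tunnel's whole lifetime rather than the time to the first byte.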



